CVE - CVE-2010-0734

CVE-ID
CVE-2010-0734	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:20101027 rPSA-2010-0072-1 curl URL:http://www.securityfocus.com/archive/1/514490/100/0/threaded MISC:20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX URL:http://www.securityfocus.com/archive/1/516397/100/0/threaded MISC:38843 URL:http://secunia.com/advisories/38843 MISC:38981 URL:http://secunia.com/advisories/38981 MISC:39087 URL:http://secunia.com/advisories/39087 MISC:39734 URL:http://secunia.com/advisories/39734 MISC:40220 URL:http://secunia.com/advisories/40220 MISC:45047 URL:http://secunia.com/advisories/45047 MISC:48256 URL:http://secunia.com/advisories/48256 MISC:ADV-2010-0571 URL:~~http://www.vupen.com/english/advisories/2010/0571~~ (Obsolete source) MISC:ADV-2010-0602 URL:~~http://www.vupen.com/english/advisories/2010/0602~~ (Obsolete source) MISC:ADV-2010-0660 URL:~~http://www.vupen.com/english/advisories/2010/0660~~ (Obsolete source) MISC:ADV-2010-0725 URL:~~http://www.vupen.com/english/advisories/2010/0725~~ (Obsolete source) MISC:ADV-2010-1481 URL:~~http://www.vupen.com/english/advisories/2010/1481~~ (Obsolete source) MISC:APPLE-SA-2010-06-15-1 URL:http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html MISC:DSA-2023 URL:http://www.debian.org/security/2010/dsa-2023 MISC:FEDORA-2010-2720 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html MISC:FEDORA-2010-2762 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html MISC:GLSA-201203-02 URL:http://security.gentoo.org/glsa/glsa-201203-02.xml MISC:MDVSA-2010:062 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:062~~ (Obsolete source) MISC:RHSA-2010:0329 URL:http://www.redhat.com/support/errata/RHSA-2010-0329.html MISC:USN-1158-1 URL:http://www.ubuntu.com/usn/USN-1158-1 MISC:[oss-security] 20100209 CVE Request -- cURL/libCURL 7.20.0 URL:http://www.openwall.com/lists/oss-security/2010/02/09/5 MISC:[oss-security] 20100309 Re: CVE Request -- cURL/libCURL 7.20.0 URL:http://www.openwall.com/lists/oss-security/2010/03/09/1 MISC:[oss-security] 20100316 Re: CVE Request -- cURL/libCURL 7.20.0 URL:http://www.openwall.com/lists/oss-security/2010/03/16/11 MISC:http://curl.haxx.se/docs/adv_20100209.html URL:http://curl.haxx.se/docs/adv_20100209.html MISC:http://curl.haxx.se/docs/security.html#20100209 URL:http://curl.haxx.se/docs/security.html#20100209 MISC:http://curl.haxx.se/libcurl-contentencoding.patch URL:http://curl.haxx.se/libcurl-contentencoding.patch MISC:http://support.apple.com/kb/HT4188 URL:http://support.apple.com/kb/HT4188 MISC:http://support.avaya.com/css/P8/documents/100081819 URL:http://support.avaya.com/css/P8/documents/100081819 MISC:http://wiki.rpath.com/Advisories:rPSA-2010-0072 URL:http://wiki.rpath.com/Advisories:rPSA-2010-0072 MISC:http://www.vmware.com/security/advisories/VMSA-2011-0003.html URL:http://www.vmware.com/security/advisories/VMSA-2011-0003.html MISC:https://bugzilla.redhat.com/show_bug.cgi?id=563220 URL:https://bugzilla.redhat.com/show_bug.cgi?id=563220 MISC:oval:org.mitre.oval:def:10760 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760 MISC:oval:org.mitre.oval:def:6756 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756
Assigning CNA
Red Hat, Inc.
Date Record Created
20100226	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100226)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)